Full Disclosure mailing list archives
Re: Linux Kernel CIFS Vulnerability
From: Eugene Teo <eugeneteo () kernel sg>
Date: Tue, 14 Apr 2009 11:53:01 +0800
Hi Andreas, On Tue, Apr 14, 2009 at 2:22 AM, Andreas Bogk <andreas () andreas org> wrote:
Eugene Teo schrieb:Btw, Linux distributors only send out an advisory if they have fixed something. As for the CIFS vulnerability, as Marcus has mentioned, a fix is still being worked on. You can keep track of the progress here: http://thread.gmane.org/gmane.comp.security.oss.general/1620/focus=1629I take back what I said about the vendors, this seems to be a reasonable way to handle the issue. I'm still shaking my head about the kernel
Thanks.
maintainers, though.
I have seen genuine cases where some developers themselves do not know the security consequences of the bugs they fixed. But of course, I have also seen the very obvious ones that were fixed silently. Sadly, it is not an easy problem to solve, but the situation can improve[1]. [1]http://oss-security.openwall.org/wiki/mailing-lists/oss-security Eugene -- http://www.kernel.sg/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Linux Kernel CIFS Vulnerability, (continued)
- Re: Linux Kernel CIFS Vulnerability Valdis' Mustache (Apr 09)
- Re: Linux Kernel CIFS Vulnerability Andreas Bogk (Apr 10)
- Re: Linux Kernel CIFS Vulnerability Raj Mathur (Apr 09)
- Re: Linux Kernel CIFS Vulnerability Nick Boyce (Apr 09)
- Re: Linux Kernel CIFS Vulnerability Marcus Meissner (Apr 10)
- Re: Linux Kernel CIFS Vulnerability Thierry Zoller (Apr 10)
- Re: Linux Kernel CIFS Vulnerability Marcus Meissner (Apr 10)
- Re: Linux Kernel CIFS Vulnerability Thierry Zoller (Apr 10)
- Re: Linux Kernel CIFS Vulnerability Eugene Teo (Apr 11)
- Re: Linux Kernel CIFS Vulnerability Andreas Bogk (Apr 13)
- Re: Linux Kernel CIFS Vulnerability Eugene Teo (Apr 13)
- Re: Linux Kernel CIFS Vulnerability Thierry Zoller (Apr 10)